Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizei Control Department Virus - Bitte um Hilfe!

Polizei Control Department Virus - Bitte um Hilfe!


Plagegeister aller Art und deren Bekämpfung: Polizei Control Department Virus - Bitte um Hilfe!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.11.2012, 22:14   #1
Wooop
 
Polizei Control Department Virus - Bitte um Hilfe! - Standard

Polizei Control Department Virus - Bitte um Hilfe!


Hallo!


Leider hat es mich auch erwischt mit dem Polizei department control virus.
Ich bitte um Hilfe! Ich wär euch so dankebar, wenn ihr mir helfen könntet!

ich habe wie in anderen Themen beschrieben
malwarebytes Anti-Malware downgeloadet.
quick-scan durchlaufen lassen


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
****** :: ******-PRESARIO [Administrator]

07.11.2012 21:39:30
mbam-log-2012-11-07 (22-09-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 246282
Laufzeit: 28 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\ProgramData\lsass.exe (Trojan.Delf) -> 4668 -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> 5196 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 1
C:\Users\Thomas\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\******\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Local\Temp\_D2BC.tmp (Trojan.Dropper) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Local\Temp\CSM6200.tmp (PUP.Adware.RelevantKnowledge) -> Keine Aktion durchgeführt.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Keine Aktion durchgeführt.
C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Keine Aktion durchgeführt.

(Ende)


das ist das protokoll.

ich beende jetzt noch alle programme und starte otl und poste dann die log-files..



Logfile OTL.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.11.2012 22:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,90 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 54,51% Memory free
6,04 Gb Paging File | 4,52 Gb Available in Paging File | 74,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 15,47 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PRESARIO | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\lsass.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\SMINST\BLService.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Steganos Security Suite 2007\fredirstarter.exe ()
PRC - C:\Programme\Steganos Security Suite 2007\SteganosHotKeyService.exe ()
PRC - C:\Programme\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe ()
PRC - C:\Windows\System32\SatSrv.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Winamp\winampa.exe ()
MOD - C:\Programme\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\fredirstarter.exe ()
MOD - C:\Programme\Steganos Security Suite 2007\SteganosHotKeyService.exe ()
MOD - C:\Programme\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe ()
MOD - C:\Programme\Steganos Security Suite 2007\PasswordManagerBHO.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\wxmsw28uh_core_vc.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\wxbase28uh_vc.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\wxmsw28uh_html_vc.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\wxbase28uh_net_vc.dll ()
MOD - C:\Programme\Steganos Security Suite 2007\wxmsw28uh_adv_vc.dll ()
MOD - C:\Windows\System32\xvidcore.dll ()
MOD - C:\Windows\System32\xvidvfw.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Programme\SMINST\BLService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Steganos AntiTheft) -- C:\Windows\System32\\SatSrv.exe ()
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (a15qtka5) --  File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (ASPI32) -- C:\Windows\System32\drivers\aspi32.sys (Adaptec)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {8A7232F5-E777-4810-B926-0A1A290A58BA}
IE - HKLM\..\SearchScopes\{0E7F191D-CD1F-4637-991B-93EC21D13A62}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{71877E4A-ABF7-425B-88AE-BF46ADFC59C6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{8A7232F5-E777-4810-B926-0A1A290A58BA}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_at&c=91&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\SearchScopes\{0E7F191D-CD1F-4637-991B-93EC21D13A62}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\SearchScopes\{71877E4A-ABF7-425B-88AE-BF46ADFC59C6}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\SearchScopes\{8A7232F5-E777-4810-B926-0A1A290A58BA}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1134&query={searchTerms}&invocationType=tb50hpcnnbie7-de-at
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: fbpageshow@nolofone.com:1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\******\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 22:59:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 22:57:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.10.28 22:59:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.10.30 22:57:23 | 000,000,000 | ---D | M]
 
[2010.04.04 12:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\******\AppData\Roaming\mozilla\Extensions
[2010.04.04 12:56:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2012.11.06 16:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions
[2010.06.25 10:16:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.11.06 16:02:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.14 12:03:11 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.02 17:10:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions\DTToolbar@toolbarnet.com
[2011.01.26 19:14:44 | 000,000,000 | ---D | M] (fbpageshow) -- C:\Users\Thomas\AppData\Roaming\mozilla\Firefox\Profiles\ih7v331r.default\extensions\fbpageshow@nolofone.com
[2012.07.06 08:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\SeaMonkey\Profiles\4d0ftjy5.default\extensions
[2010.12.16 14:18:57 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Thomas\AppData\Roaming\mozilla\SeaMonkey\Profiles\4d0ftjy5.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2012.10.14 09:58:17 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\extensions\toolbar@web.de.xpi
[2012.10.14 09:58:23 | 000,000,911 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\11-suche.xml
[2010.11.01 00:48:47 | 000,002,059 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\daemon-search.xml
[2012.10.14 09:58:23 | 000,002,273 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\englische-ergebnisse.xml
[2012.10.14 09:58:23 | 000,010,563 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\gmx-suche.xml
[2012.10.14 09:58:23 | 000,002,432 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\lastminute.xml
[2012.10.14 09:58:23 | 000,005,545 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\ih7v331r.default\searchplugins\webde-suche.xml
[2012.10.28 22:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.28 22:59:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.28 22:59:02 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\Programme\Mozilla Firefox\extensions\{9E0B9092-9F7F-46D0-AF0D-986BD4C5F30C}
[2012.10.28 22:59:02 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.10.28 22:59:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.03.31 09:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 11:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.06.25 22:15:06 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.04 17:19:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.25 22:15:06 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 22:15:06 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 22:15:06 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 22:15:06 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Steganos Password Manager AutoFill) - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Programme\Steganos Security Suite 2007\PasswordManagerBHO.dll ()
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Programme\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SSS2007 File Redirection Starter] C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe ()
O4 - HKLM..\Run: [SSS2007 HotKeys] C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe ()
O4 - HKLM..\Run: [SSS2007 PasswordManagerFFAutoFill] C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [Facebook Update] C:\Users\Thomas\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1 File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\..Trusted Ranges: Range1 ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42032AC4-0EA0-49BA-8649-A4A1F8E4302E}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ad0baaf6-f0d0-11de-9a32-00269e134476}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0baaf6-f0d0-11de-9a32-00269e134476}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad0bab17-f0d0-11de-9a32-00269e134476}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0bab17-f0d0-11de-9a32-00269e134476}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{ad0bab2d-f0d0-11de-9a32-00269e134476}\Shell - "" = AutoRun
O33 - MountPoints2\{ad0bab2d-f0d0-11de-9a32-00269e134476}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bb365083-e549-11df-ae32-00269e134476}\Shell - "" = AutoRun
O33 - MountPoints2\{bb365083-e549-11df-ae32-00269e134476}\Shell\AutoRun\command - "" = H:\welcome.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.07 22:10:34 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\malwarebytes
[2012.11.07 21:38:00 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\Malwarebytes
[2012.11.07 21:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.07 21:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.07 21:37:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.07 21:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.07 20:52:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.07 20:30:42 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\research team
[2012.10.31 00:36:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.10.31 00:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.10.30 22:20:14 | 636,444,584 | ---- | C] (Microsoft Corporation) -- C:\Users\Thomas\Desktop\Office Home and Student 2010.exe
[2012.10.28 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.18 20:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.18 20:43:58 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Roaming\pdfforge
[2012.10.18 20:41:35 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2012.10.18 20:41:35 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2012.10.18 20:41:35 | 000,081,920 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.10.18 20:41:34 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2012.10.18 20:41:34 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2012.10.18 20:41:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2012.10.16 23:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.10.16 23:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012.10.16 23:47:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2012.10.12 19:51:22 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Desktop\GoogleBooks
[2012.10.11 09:55:21 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.10.11 09:55:21 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.10.11 09:55:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.02.10 16:35:56 | 011,938,584 | ---- | C] (Moyea Software Co., LTD                                     ) -- C:\Users\Thomas\Moyea FLV Downloader-3.1.2.9-Setup.exe
[2009.10.22 13:49:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeBB97.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.07 22:24:10 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.07 21:58:03 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2874093757-262404801-3009861482-1000UA.job
[2012.11.07 21:56:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 21:38:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.07 21:37:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 21:17:39 | 002,961,768 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.07 21:17:39 | 001,316,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.07 21:17:39 | 000,890,882 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.07 21:17:39 | 000,795,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.07 21:13:57 | 000,000,286 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012.11.07 21:12:47 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.07 21:12:02 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 21:12:02 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.07 21:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.07 21:11:53 | 3119,435,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.07 21:01:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.07 20:52:26 | 000,000,774 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.07 20:52:18 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012.11.06 16:02:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2874093757-262404801-3009861482-1000Core.job
[2012.11.03 17:16:52 | 000,083,456 | ---- | M] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.31 18:55:48 | 003,859,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.30 22:49:06 | 636,444,584 | ---- | M] (Microsoft Corporation) -- C:\Users\Thomas\Desktop\Office Home and Student 2010.exe
[2012.10.21 19:26:44 | 000,270,267 | ---- | M] () -- C:\Users\Thomas\Desktop\Thesenblatt.pdf
[2012.10.21 15:40:50 | 000,322,126 | ---- | M] () -- C:\Users\Thomas\Desktop\max.jpg
[2012.10.17 23:40:32 | 012,585,580 | ---- | M] () -- C:\Users\Thomas\Documents\clip0337.avi
[2012.10.17 23:34:39 | 001,310,848 | ---- | M] () -- C:\Users\Thomas\Documents\clip0336.avi
[2012.10.16 22:52:50 | 004,215,502 | ---- | M] () -- C:\Users\Thomas\Documents\clip0335.avi
[2012.10.12 02:40:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.10.10 08:02:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.10.10 08:02:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.07 21:37:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.07 21:11:53 | 3119,435,776 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.07 20:52:26 | 000,000,774 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.11.07 20:52:19 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.10.21 19:26:39 | 000,270,267 | ---- | C] () -- C:\Users\Thomas\Desktop\Thesenblatt.pdf
[2012.10.21 15:40:41 | 000,322,126 | ---- | C] () -- C:\Users\Thomas\Desktop\max.jpg
[2012.10.17 23:35:02 | 012,585,580 | ---- | C] () -- C:\Users\Thomas\Documents\clip0337.avi
[2012.10.17 23:34:02 | 001,310,848 | ---- | C] () -- C:\Users\Thomas\Documents\clip0336.avi
[2012.10.16 22:50:24 | 004,215,502 | ---- | C] () -- C:\Users\Thomas\Documents\clip0335.avi
[2011.10.28 02:18:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.10.28 02:16:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.27 12:13:41 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011.10.27 12:05:04 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.02.09 19:37:57 | 000,000,400 | ---- | C] () -- C:\Windows\dvdtoaviconverter2.ini
[2011.02.09 19:37:56 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.09 19:37:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.09 19:37:56 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2011.02.09 19:37:56 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.02.09 19:37:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.12.22 14:20:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.14 22:34:29 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.11.05 20:53:16 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.04 11:00:49 | 000,006,148 | -H-- | C] () -- C:\Users\Thomas\.DS_Store
[2010.01.05 22:24:54 | 000,000,140 | ---- | C] () -- C:\Users\Thomas\webct_upload_applet.properties
[2009.10.29 09:46:47 | 000,006,080 | ---- | C] () -- C:\Users\Thomas\AppData\Local\d3d9caps.dat
[2009.10.12 00:22:07 | 000,083,456 | ---- | C] () -- C:\Users\Thomas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.20 02:19:51 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.27 23:18:22 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Atari
[2009.10.16 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\BeoMediaDatabase
[2010.11.13 01:49:21 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\DAEMON Tools Lite
[2012.01.18 11:19:48 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Image Zone Express
[2011.07.28 18:09:06 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\OpenOffice.org
[2012.01.18 11:19:44 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Printer Info Cache
[2010.09.16 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AbelCam
[2012.01.25 10:37:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\AnvSoft
[2010.11.14 21:43:13 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\BeoMediaDatabase
[2010.11.01 01:05:03 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DAEMON Tools Lite
[2012.10.12 02:00:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Dropbox
[2012.02.02 18:17:46 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoft
[2012.01.03 21:36:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.18 23:34:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\EyeballChatAvatars
[2011.07.07 08:45:39 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\go
[2012.01.30 18:19:21 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\GrabPro
[2010.01.05 21:56:36 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICAClient
[2010.06.30 00:33:34 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ICQ
[2012.10.17 10:32:49 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Image Zone Express
[2011.04.24 20:33:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\IrfanView
[2010.09.20 13:26:00 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MAGIX
[2009.10.12 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Moyea
[2012.02.02 20:26:45 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\MP3 Karaoke
[2010.11.10 12:45:18 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\OpenOffice.org
[2012.01.30 18:26:42 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Orbit
[2012.10.18 20:43:58 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\pdfforge
[2009.11.17 11:44:40 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Printer Info Cache
[2012.01.30 18:19:33 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\ProgSense
[2010.11.01 00:49:01 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\QuickStoresToolbar
[2009.12.11 16:28:09 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Seiz System Engineering
[2012.09.17 22:30:50 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.08.07 11:54:10 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\Steganos
[2009.12.24 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\Thomas\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >
--- --- ---


logfile extras.txt

OTL EXTRAS Logfile:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.11.2012 22:17:45 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thomas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,90 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 54,51% Memory free
6,04 Gb Paging File | 4,52 Gb Available in Paging File | 74,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,42 Gb Total Space | 15,47 Gb Free Space | 6,96% Space Free | Partition Type: NTFS
Drive D: | 10,47 Gb Total Space | 1,78 Gb Free Space | 17,05% Space Free | Partition Type: NTFS
 
Computer Name: THOMAS-PRESARIO | User Name: Thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01312BF0-EF97-455A-9ECC-63F2E7CABEB7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0579BB98-7504-45D1-A1CD-2A4262784EE5}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{078DA322-75C4-4269-A62B-6551360A8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1BF5A8DB-8164-4546-9598-B64343399CEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{271B6A9F-8321-4B9E-B40A-5EBDC92D81DB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{303D2F1A-C9EF-42EA-9CAC-DD5F90FC61E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{30740A76-B11F-4046-8C8E-79D38DAE7E29}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3CD54FE6-EA68-4026-B044-95EADA804F0D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4D529F0B-DC28-459C-B3DE-99960397018E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{548C6C55-6666-448B-8696-8AB6E6151998}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{63782348-26A0-4A2A-B449-47FB8C95BAB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7F700A02-47EA-4794-8858-3CA03AFB65B5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{907D0198-55EE-4E0B-A13B-D540DB157D59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{97CAEC97-172D-48E0-B362-4C0AA809A159}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A98A323-AEDD-4F0B-9FDB-53AEC66E29F4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9E6E364D-5376-4CB9-90CD-6F824E2A867B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9F43FC3C-1F62-4B7D-AB71-A056C6756283}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A906F3EF-B936-4A87-BDE4-B848CF410E03}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AF926C52-17AC-4409-A81F-8B7A43812269}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7E390CE-6CED-489B-B12E-1DCFDDDB16F4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BBE61457-7730-4FB6-BA4D-897A27B361AF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{BE94C6D2-703C-476C-BF4A-294C36B88C03}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{C846980F-2C16-4101-AA0D-0F94FC950865}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C88E054F-DE38-4AD5-95C8-FDD36CF212B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CEF2102F-258C-4EC0-B780-7099B43BA51E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D966B3FC-D41B-4C1D-8A98-C2AEEC1B3A85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E778360E-93B7-4BE1-8E38-A1FD77310EA7}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F40404F9-134A-4F40-AF33-6E1506ACEFCC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5144557-0A02-4868-9078-2BE7083B5D20}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F55792EE-542A-4FE9-932A-03D9411A81B1}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 | 
"{F64224FB-7AC7-4431-B2A2-B680BB7B26B7}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7B6E137-A8CB-4E0D-A7D3-A00CB6B06C3F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011549D7-B835-4E64-B362-FCB68BBA0C74}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{0C60AA4F-EBA4-4B06-B729-3DFEE3417084}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{0D3F0A65-B758-4F66-9161-EC6D9D390B27}" = protocol=6 | dir=out | app=system | 
"{0ED4B26A-0A58-4408-8AC1-9ECFDD0F2EC3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{14A5CC50-747C-405C-B502-3BB5D69BD39B}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"{24EF7962-19D5-4858-B9AB-5AD4D3C21C77}" = protocol=17 | dir=in | app=c:\program files\abelcam\abelcam.exe | 
"{28AA4BEC-1422-4A5E-BBAA-C6DF68648074}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2C14C1E9-8CBB-4A92-B844-CC14EDFE5A5E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{30A69A64-0995-4484-816A-3FC83EB95C06}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36CDC959-6840-401F-A0CC-38EFB06ADCC5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{38CA8D04-1D75-43CE-BBEE-06F15245F78C}" = dir=in | app=c:\users\thomas\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{3D00A356-9F41-4062-85C5-3E6A8808ACCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{452C2B2E-B20D-429A-A48F-3E6F59890A63}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{48001C9D-66FC-41C0-BF59-30078F324AC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F1DB247-481A-47B0-A231-C879939DAC15}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{6F279A22-35C4-4FA6-87BE-286180653220}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{70172ED6-C534-49D9-A4FC-3F3086938092}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72B5B7D1-2C69-4645-8915-44E1A7E7863D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7772EE00-B248-4DDD-99E4-759D2914599B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7BBD0ABE-9062-4957-AF57-277E6F87F04B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{80F227FA-10AA-4075-920E-E9AB2FA2EC02}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{84F2895C-938A-4292-AD6E-7D276B0DDC79}" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{86AE6FE9-EEF6-4CA3-83E1-13F7AD57BEAC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8F139232-E633-4F2E-BC10-2C30B4CA41A6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3030C2-E341-4098-88CE-2E37D468CDD9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | 
"{8F9B515E-A13B-44FE-856A-5E39B2D2E1B4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{A42C8C65-6510-45E4-BC94-3FEF17642DCC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{A6601950-5F4E-4FF5-A3F1-73ED6557E923}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A997DAD7-5FE6-4981-8023-08DADF3577EF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | 
"{B844CE83-573D-41AC-AD05-16402A8F086D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B8CA2111-DB8F-48A4-8949-80677E98F3CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C183AA42-D966-4EFE-A9B4-2E7DDF312A5B}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CBD77915-8F02-489A-8C32-6B9481B6BAAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CCB5F51F-C853-43CD-B12C-84B559B6AF61}" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D2AA28C4-90AF-4583-A9C5-5E9689602D40}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DAD2C302-C6FC-4A09-948C-DF9E269E0B85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DE2C6985-BD7F-4929-BFC0-0D43512E6539}" = protocol=6 | dir=in | app=c:\program files\abelcam\abelcam.exe | 
"{EAC45FDC-75D0-4202-9CCE-5F086328F816}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED40D5A3-E709-4C67-821A-5BFCC07A576C}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"{F1CA0813-A80A-48AA-BF6E-FE852A38861C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3524E24-3EF4-49A0-BE79-DB660C358F10}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.6\flashbuilder.exe | 
"TCP Query User{01EA5B78-06E7-4FA8-9454-79F85E9A7E5F}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{06EF625B-4B78-4C24-BC3D-37F7525FA0BA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{251A896D-604D-4888-B326-6DE22FA78D07}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{57AEB919-DBA5-4B95-BA0A-7DC4737ADD90}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{7057EA68-11D8-4D55-8EBD-70698667B114}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{FBB99A5B-4484-4D17-AD73-F742E5A0F1C5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{FED2EAB7-75F8-488A-9560-5A075AC5C536}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{01BD9239-29AC-4D45-ADDF-14EA30FC120A}C:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\thomas\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2AB775C7-AA0D-482F-B4B0-4102270CCAFD}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{3DE69830-30A7-480B-980C-976F10117616}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{6393C0D6-24AF-4C92-90AB-7B6956534AE7}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{74FF989C-BFFA-48A1-A922-1BA74A58D7DB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{A89252D8-7A2E-4417-B1C0-471355B19CCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{F6F27925-73DE-498A-B1D8-F69B523D52AF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{059FC833-447B-45E8-BA27-0189C4DC2D88}" = Cisco AnyConnect VPN Client
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3483D4-8F07-466F-9463-7910F269B310}" = Steganos Security Suite 2007
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{13413C6C-C640-40B8-917E-CA3062826B18}" = PIXELA ImageMixer
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A5DF9-40E1-4644-ADBD-D80F347BA6C8}" = Windows Mobile-Gerätecenter
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"119C21A0-FA78-44AE-91B0-C02E39E1829D_is1" = MP3 Karaoke 6.1.7
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any DVD Converter Professional_is1" = Any DVD Converter Professional 4.1.8
"Any Video Converter_is1" = Any Video Converter 3.3.3
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"ASIO4ALL" = ASIO4ALL
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"CloneDVD2" = CloneDVD2
"Collab" = Collab
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DVD To AVI Converter_is1" = DVD To AVI Converter 1.10
"DVDx 4.0 Open Edition" = DVDx 4.0 Open Edition
"Easy MP3 Cutter_is1" = Easy MP3 Cutter 2.9
"eMule" = eMule
"Flv Grabber_is1" = FlvGrabber
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IrfanView" = IrfanView (remove only)
"iSofter DVD Ripper Platinum_is1" = iSofter DVD Ripper Platinum 3.0.2007.228
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinISO_is1" = WinISO 5.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.02.2012 11:14:23 | Computer Name = Thomas-Presario | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0003dd6d,  Prozess-ID 0x608, Anwendungsstartzeit
 01cce4f86928ec3d.
 
Error - 07.02.2012 16:56:02 | Computer Name = Thomas-Presario | Source = Google Update | ID = 20
Description = 
 
Error - 07.02.2012 18:51:44 | Computer Name = Thomas-Presario | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SndVol.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e02226, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5,
 Ausnahmecode 0xc0000008, Fehleroffset 0x000745ac,  Prozess-ID 0x11f0, Anwendungsstartzeit
 01cce5d0f76f5a50.
 
Error - 08.02.2012 06:56:28 | Computer Name = Thomas-Presario | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.02.2012 07:04:44 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 08.02.2012 19:01:10 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.02.2012 08:30:01 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.02.2012 08:30:01 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 14.02.2012 10:29:48 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 15.02.2012 19:05:49 | Computer Name = Thomas-Presario | Source = Windows Search Service | ID = 3013
Description = 
 
[ Cisco AnyConnect VPN Client Events ]
Error - 03.11.2012 08:25:51 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 03.11.2012 08:25:51 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 03.11.2012 08:25:51 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 03.11.2012 08:26:21 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 36 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 03.11.2012 08:26:29 | Computer Name = Thomas-Presario | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
 
Error encountered while reading event logs.
 
< End of report >
--- --- ---

--- --- ---





Ich hoffe es kann mir jemand bei meinem Problem helfen!

Liebe Grüße
Wooop

ich hab nun einfach das system auf gestern wiederhergestellt. jetzt scheint es wieder zu klappen

muss ich noch etwas beachten?

lg
wooop
Geändert von Wooop (07.11.2012 um 22:42 Uhr) Grund: Logfiles hinzufügen

Alt 08.11.2012, 09:35   #2
t'john
/// Helfer-Team
 
Polizei Control Department Virus - Bitte um Hilfe! - Standard

Polizei Control Department Virus - Bitte um Hilfe!




Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 4 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern mede dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000..\Run: [AdobeBridge] File not found 
O4 - Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) 
O7 - HKU\S-1-5-21-2874093757-262404801-3009861482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 
[2012.11.07 20:52:26 | 000,000,774 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:FB1B13D8 
[2012.11.07 22:24:10 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 

[2012.11.07 20:52:18 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Thomas\*.tmp
C:\Users\Thomas\AppData\Local\{*}
C:\Users\Thomas\AppData\Local\Temp\*.exe
C:\Users\Thomas\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

3. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.



4. Schritt
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________

__________________
Alt 19.12.2012, 11:10   #3
t'john
/// Helfer-Team
 
Polizei Control Department Virus - Bitte um Hilfe! - Standard

Polizei Control Department Virus - Bitte um Hilfe!


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
__________________
Antwort

Themen zu Polizei Control Department Virus - Bitte um Hilfe!
32 bit, administrator, anti-malware, any video converter, appdata, autostart, bingbar, control, dateien, document, entfernen, explorer, gen, hilfe!, install.exe, intranet, launch, limited.com/facebook, lsass.exe, microsoft, ntdll.dll, officejet, plug-in, polizei control department, polizei trojaner, polizei virus trojaner österreich, programme, regedit.exe, roaming, safer networking, service pack 2, shell, software, speicher, sttray.exe, temp, thomas, trojan.agent, trojan.fakealert, usb 2.0, version, virus, vista, wgsdgsdgdsgsd.exe


« GVU Trojaner - komplette löschung | Gvu trojaner »


Ähnliche Themen: Polizei Control Department Virus - Bitte um Hilfe!


  1. Polizei Control Department Gegen Cyberkriminalität
    Plagegeister aller Art und deren Bekämpfung - 05.04.2013 (8)
  2. Polizei (Österreich) Control Department "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (12)
  3. Polizei Control Department gegen Czberkriminialitaet, auch im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 13.03.2013 (35)
  4. Polizei Control Department Gegen Cyberkriminalität Virus
    Plagegeister aller Art und deren Bekämpfung - 03.03.2013 (6)
  5. Polizei Control Department
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (13)
  6. Control Department gegen Cyberkriminalität -Virus nicht mehr da?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2013 (13)
  7. Laptop infiziert mit Polizei Control Department Gegen Cyberkriminalität Virus - OTL.Txt privat posten
    Plagegeister aller Art und deren Bekämpfung - 01.02.2013 (11)
  8. Polizei (Österreich) Control Department "Ihr Computer ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (11)
  9. Polizei Control Department gegen Cyberkriminalität "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (15)
  10. Polizei Control Department gegen Cyberkriminalität "Ihr Computer ist gesperrt"
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (7)
  11. Polizei Control Department Gegen Cyberkriminalität Virus auch im Abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 26.01.2013 (19)
  12. Polizei Control Department - Sperrbildschirm
    Log-Analyse und Auswertung - 10.01.2013 (29)
  13. Polizei Department Control Trojaner
    Log-Analyse und Auswertung - 02.01.2013 (28)
  14. Polizei Control Department Virus
    Log-Analyse und Auswertung - 29.12.2012 (4)
  15. Polizei Control Department gegen cyberkriminalität Trojaner
    Log-Analyse und Auswertung - 28.12.2012 (3)
  16. Polizei Control Department Virus
    Plagegeister aller Art und deren Bekämpfung - 14.12.2012 (6)
  17. Polizei Virus - Cyber Crime Investigation Department
    Log-Analyse und Auswertung - 09.10.2012 (28)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizei Control Department Virus - Bitte um Hilfe! - Hallo! Leider hat es mich auch erwischt mit dem Polizei department control virus. Ich bitte um Hilfe! Ich wär euch so dankebar, wenn ihr mir helfen könntet! ich habe wie - Polizei Control Department Virus - Bitte um Hilfe!...
Archiv
Du betrachtest: Polizei Control Department Virus - Bitte um Hilfe! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131